si-tooling

module
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 1, 2026 License: Apache-2.0

README

v2/si-tooling Go Reference

This is a go module for working with Security Insights data in YAML security-insights.yml and Go si.SecurityInsights.

Usage

Unmarshal the security-insights.yml data in ossf/security-insights-spec

import (
    "fmt"

    "github.com/ossf/si-tooling/v2/si"
)

func main() {
    insights, err := si.Read("ossf", "security-insights-spec", ".github/security-insights.yml")
    message = fmt.Sprintf("Repository license is: %s", insights.Repository.License.Expression)
}

Schema version support

The module supports Security Insights schema version 2.x, including v2.2.0:

[!WARNING] Security Insights v2.2.0 vulnerability-reporting.policy replaces the former security-policy field under vulnerability reporting. This backwards compatibility violation was tolerated by the Security Insights maintainers due to the lack of evidence that the former field had been adopted by end users. Issues may arise if users of SI Tooling fail to update to the latest version and the users of Security Insights specification begin to use the new field.

Directories

Path Synopsis
Package si provides a Go API for reading and writing Security Insights data.
 Package si provides a Go API for reading and writing Security Insights data.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.